THAT WHICH IS CLAIMED IS:

1. A system for providing a network adapter for one or more
access points in a local area network environment, comprising:
    means for connecting said one or more access points to a wired
    network;
    means for connecting said one or more access points to a
    wireless network;
    means for enforcing a managed network environment; and
    means for communicating with a network control server.

2. A system as recited in claim 1, wherein said means for
connecting to a wired network further comprises a wireline network
interface.

3. A system as recited in claim 1, wherein said means for
connecting to a wireless network further comprises a wireless
network interface.

4. A system as recited in claim 3 wherein said wireless network
interface is coupled to a wireless access point.

5. A system as recited in claim 4 wherein said wireless access
point further comprises an 802.11 type access point.

6. A system as recited in claim 4 wherein said wireless access
point further comprises a Bluetooth type access point.

7. A system as claimed in claim 3 wherein said wireless network
interface is coupled to a Local Area Network (LAN) port.

8. A system as recited in claim 1 wherein said means for
enforcing a managed network environment further comprises an
augmented IP stack.

9. A system as recited in claim 8 wherein said augmented IP stack
includes a Mobile IP Foreign Agent.






Attorney Docket RE2001001PCT 






10. A system as recited in claim 8 wherein said augmented IP stack
detects and handles packets corresponding to a plurality of network
services.

11. A system as recited in claim 1 wherein said means for
communicating further comprises network coordination software.

12. A system as recited in claim 1 wherein said network adapter
includes a plurality of wireline network interfaces.

13. A system as recited in claim 1 wherein said network adapter
includes a plurality of wireless network interfaces.

14. A system as recited in claim 1 wherein said network adapter
is coupled to a switch and said switch is coupled to a plurality
of short-range wireless access points.

15. A system as recited in claim 14 wherein said switch is
programmable to automatically forward all inbound packets from
wireless access point LAN segments to a segment containing said
network adapter.

16. A system as recited in claim 14 wherein said switch is
programmable to automatically forward all packets not originating
from a LAN segment containing the network adapter and destined to
an access point segment, to the LAN segment containing said network
adapter.

17. A system as recited in claim 14 wherein the access points or
wireless clients are programmed to forward all packets to said
network adapter.

18. A system as recited in claim 1 wherein said network control
server is collocated with said network adapter.

19. A system as recited in claim 1 wherein said network control
server is co-located with a Core Server.
20. A system as recited in claim 1 wherein said network control
server is co-located with a Routing Coordinator.

21. A system as recited in claim 1 wherein said network adapter
further comprises at least one of a stand-alone personal computer
(PC) and a special purpose computing machine.

22. A system as recited in claim 1 wherein said network adapter
further comprises software stored within said one or more access
points.

23. A system as recited in claim 1 wherein said network control
server is distributed over said wired network.

24. A system as recited in claim 1 wherein said network adapter
is connectable to one or more access points located on a plurality
of LAN segments.

25. A system as recited in claim 1 wherein said network adapter
is connectable to different wireless LANs.

26. A system as recited in claim 1 wherein said network adapter
is co-located with at least one of a Handoff Management Point, a
Home Address Masquerader and a Foreign Address Masquerader.

27. A method for providing a network adapter for a plurality of
access points in a local area network environment, comprising the
steps of:
    connecting said access points to a wired network;
    connecting said access points to a wireless network;
    enforcing a managed network environment; and
    communicating with a Network Control Server.



28. A method as recited in claim 27 wherein the step of enforcing
a managed network environment further comprises the steps of:
    receiving packets from a wireline network;
    processing said packets through an augmented IP stack;
    determining whether to rewrite said packets; and
    forwarding said packets to said wireless network.

29. A method as recited in claim 28, further comprising, prior to
the step of forwarding said packets to said wireless network, the
step of determining whether to filter said packets.



30. A method as recited in claim 27 wherein the step of enforcing
a managed network environment further comprises the steps of:
    receiving packets from a wireless network;
    processing said packets through an augmented IP stack; and
    forwarding said packets to a wireline network.

31. A method as recited in claim 30, wherein said step of
processing further comprises, prior to the step of forwarding, the
steps of:
    determining whether to filter said packets; and
    determining whether to rewrite said packets.

32. A method as recited in claim 31, further comprising the steps
of:
    detecting packets corresponding to a plurality of network
    services via said augmented IP stack; and
    handling said packets.

33. A method as recited in claim 27, further comprising the step
of determining an access point currently associated with a mobile
client by inspecting a media access control (MAC) address
associated with packets transmitted by the mobile client.
ABSTRACT OF THE DISCLOSURE

A system and a method for enabling existing short range
wireless access points (100) to participate within a coordinated
networked environment through the use of adapters (101) that extend
the access points' capabilities, implement policies, and perform
other operations.
METHOD AND SYSTEM FOR ADAPTING SHORT-RANGE WIRELESS ACCESS
POINTS FOR PARTICIPATION IN A COORDINATED NETWORKED ENVIRONMENT

CROSS REFERENCE TO RELATED APPLICATIONS 

This application is co-pending with and claims pursuant to 35 
U.S.C. § 120 as to its common subject matter the filing date of 
patent application serial number 09/637,742, filed August 11, 2000, 
and patent application serial number 09/657,745, filed September 
8, 2000. 

TECHNICAL FIELD 

The invention relates generally to wireless networks, and more 
particularly to an adapter and method for extending stand-alone 
wireless access points to enable their delivery of an integrated 
solution within a network environment. 

BACKGROUND 

Short-range wireless technologies such as 802.11, Bluetooth,
HomeRF, and others are being rapidly deployed to allow mobile
devices to connect with existing intra-building wired Local Area
Networks (LANs). To enable this connectivity, wireless access
points are being developed by various manufacturers. An example
of such an access point is the Aironet 340 access point (an 802.11
type access point) manufactured by Cisco Systems, Inc. of San Jose,
California. Another example is the AXIS 9010 access point (a
Bluetooth type access point) manufactured by Axis Corporation of
Lund, Sweden.

Traditional wireless access points provide limited
functionality, essentially limited to enabling a so-called
"hotspot" of connectivity to the LAN. The access point operates by
forwarding data packets from the wireless environment to the wired
LAN, and vice versa. However, within an environment containing
multiple access points, conventional stand-alone access points have
several limitations. For example, a stand-alone access point: (1)
cannot be centrally managed; (2) cannot support layer 3 (IP)
roaming with other access points; (3) cannot enforce
quality-of-service (QoS) metrics; (4) cannot deliver centralized
logging and reporting; and (5) provides only limited security and
authentication capability, and no server managed security.

Existing efforts to address the aforementioned limitations
involve the incorporation of new infrastructure into an existing
network to provide some of the missing services for the access
points. One example of this approach is the combination of a Cisco
Aironet 350 access point and a Cisco Secure Access Control Server
for delivery of authentication and dynamic encryption key
generation services. Another example of this approach is the
incorporation of a 3Com SuperStack II switch for delivery of
authentication and virtual private networking (VPN) access to
wireless users. Such conventional approaches, however, require one
or more of the following: (1) mandatory software on the client
devices (e.g., VPN software); (2) particular versions of wireless
client hardware or firmware, thereby forcing a homogeneous
environment; (3) upgrades to the existing wireless access points;
and (4) complex network configurations, since multiple pieces of
infrastructure must be separately installed, configured and
managed.

These requirements make deployment difficult, limit device
choice, and do not provide a scalable approach to delivering all
of the required services for the access points in an enterprise
network. Accordingly, there is an established need for
improvements over prior art wireless access point systems.

SUMMARY OF THE INVENTION

It is an object of the present invention to provide a network
adapter for an access point within a networked environment.

It is another object of the present invention to provide a
network adapter for a plurality of access points within a switched
Local Area Network.

In a preferred embodiment of the invention, an adapter device
is provided connected to each short-range wireless access point in
a network. Each packet transmitted between an access point and the
wired LAN passes through the adapter. The adapter may be
implemented as a stand-alone Personal Computer (PC), a
special-purpose computing appliance, or as a component that is
physically coupled to the access point, with the component/access
point combination encapsulated within a single enclosure.

In one aspect of the invention, the adapter is implemented as
a software component or module loaded into the memory of the access
point. Preferably, the adapter comprises a wireline network
interface, a wireless network interface, an IP stack and network
coordination software.

In another aspect of the invention incorporated within a
switched LAN environment, a single adapter device can support a
plurality of short-range wireless access points.

BRIEF DESCRIPTION OF THE DRAWINGS 

The preferred embodiments of the invention will hereinafter
be described in conjunction with the appended drawings provided to
illustrate and not to limit the invention, where like designations
denote like elements, and in which:

FIG. 1 is a block diagram of an adapter connecting wired and
wireless networks, in accordance with the present invention;

FIG. 2 is a block diagram of an adapter, in accordance with
the present invention;

FIG. 3 is a flow chart illustrating a method for forwarding
a packet to a wireless interface, in accordance with the present
invention;

FIG. 4 is a flow chart illustrating a method for forwarding
a packet to a wireline interface, in accordance with the present
invention;

FIG. 5 is a block diagram of an adapter connected to a
plurality of access points through a switch, in accordance with the
present invention;

FIG. 6 is a block diagram illustrating three individual access
point segments connected to a single adapter, in accordance with
the present invention; and

FIG. 7 is a block diagram of an adapter connecting to access
points from different wireless networks, in accordance with the
present invention.

DETAILED DESCRIPTION OF THE INVENTION 

Generally, a typical network environment consists of a network
control server connected to a wired Local Area Network (LAN). The
adapter's wireline network interface is connected to the Local Area
Network and the adapter's wireless network interface is connected
to an access point. The network control server is connected to the
Local Area Network, which in turn is connected to the Internet
backbone.

Referring now to FIGS. 1 and 2, one or more adapters 101 are
provided connected to corresponding short-range wireless access
points 100. In the preferred embodiment of the present invention,
adapter 101 has two network interfaces, a wireless network
interface and a wireline network interface. The wireless network
interface is connected directly to each access point 100, while the
wireline network interface is connected directly to a local area
network (LAN) 102 or, alternatively, to a switch/router (not shown
in FIG. 1). In this manner, all packets sent between access point
100 and the wired LAN 102 must pass through the adapter 101.

The adapters 101 communicate with a Network Control Server
(NCS) 103 which maintains information required by the adapters 101
in the networked environment. Preferably, the NCS 103 communicates
with the adapters 101 via LAN 102. However, as will be apparent
to those skilled in the art, the Network Control Server 103 can be
attached directly to each adapter 101, or it can communicate with
the adapters via a wide-area network (WAN), such as the Internet.

Adapter 101 can be implemented as a stand-alone personal 
computer (PC) or, alternatively, as a special-purpose computing 
appliance. Alternatively, the adapter 101 can be implemented as 
a component physically coupled to the access point 100, with the 
combination encapsulated within a single enclosure. In further 
aspects of the invention, the adapter 101 is implemented as a 
software component or module loaded into the memory of access point 



In an alternative embodiment of the present invention, adapter
101 functions with an existing wired LAN port, instead of a
short-range wireless access point 100. In this case, the adapter's
wireline interface 200 is attached to a LAN port (as usual), and
a client device or switch can be attached to the adapter's wireless
network interface 201 (instead of an access point).

Commonly-assigned pending U.S. patent application serial
number 09/637,742, filed August 11, 2000, and incorporated herein
by reference, which is titled "Enabling Seamless User Mobility in
a Short-Range Wireless Networking Environment", discloses a
wireless networking system wherein a central core server resides
in the network infrastructure and provides services to Handoff
Management Points (HMPs) as users of devices roam through the
environment. The system of the present invention can be
implemented in combination with this commonly-assigned invention,
wherein the network control server 103 is co-located with the core
server or, alternatively, where the network adapters 101 are
co-located with the HMPs. This combined configuration enables
clients to travel seamlessly between access points that do not
directly support coordination through the core server.

Commonly-assigned pending U.S. patent application serial
number 09/657,745, filed September 8, 2000, and incorporated herein
by reference, which is titled "Location-Independent Routing and
Secure Access in a Short-Range Wireless Networking Environment",
discloses a system wherein a routing coordinator maintains a
plurality of connection table records and wherein a plurality of
Home Agent Masqueraders (HAMs) and Foreign Agent Masqueraders
(FAMs) communicate with the routing coordinator to ensure that
client data connections are preserved as the client travels
throughout the short-range wireless network environment. Each of
the connection table records includes a client address and port,
and a server address and port. The system of the present invention
can be implemented in combination with this commonly-assigned
invention, where the network control server 103 is co-located with
the routing coordinator or, alternatively, where the network
adapters 101 are co-located with the HAMs and FAMs. The combined
configuration enables clients to preserve network connections as
they travel through a short-range wireless network environment and
communicate with access points that do not directly support
coordination through the routing coordinator.

Accordingly, the network control server 103 of the present
invention can be co-located with the core server and/or the routing
coordinator of the above-identified commonly-assigned inventions.
Moreover, the adapters 101 described in the present invention can
be co-located with the HMP and/or the HAM or FAM of these
commonly-assigned inventions.

As best depicted in FIG. 2, adapter 101 includes a wireline
network interface 200, a wireless network interface 201, network
coordination software 202, and an augmented IP stack 203.

Wireline network interface 200 can comprise an Ethernet, token
ring or any other local area network (LAN) interface known
in the art. In the preferred embodiment of the present invention,
network adapter 101 incorporates a single wireline network
interface 200. However, as will be apparent to those skilled in
the art, alternative embodiments of the present invention can
include multiple wireline network interfaces, each connecting the
adapter 101 to a different LAN.

Wireless network interface 201 can comprise an Ethernet
connection, serial cable, RS232 or other cable connection to a
wireless access point 100. Preferably, network adapter 101
incorporates a single wireless network interface 201. However, as
will be apparent to those skilled in the art, alternative
embodiments of the present invention can include multiple wireless
network interfaces, each connecting the adapter 101 to a different
wireless access point 100. (See FIGS. 5-7, for example.)

Network coordination software 202 is provided for
communicating with the network control server 103 to provide
coordination functions on behalf of the adapted access point 100
within the managed network environment. In the preferred
embodiment of the present invention, the network coordination
software 202 enables the adapter to retrieve network security and
quality-of-service policies, retrieve packet rewriting rules,
transmit logs and alerts, and disseminate information pertaining
to device arrival and departure. Furthermore, the software
receives management commands that are forwarded to the access point
itself.

Augmented IP stack 203 comprises an IP stack that has been
instrumented with particular features to enforce the managed
network environment. In the preferred embodiment of the present
invention, the aforementioned features include, but are not limited
to, packet filtering and packet rewriting. The packet filtering
feature prevents a packet from being forwarded to its intended
destination, in accordance with the security, quality-of-service
or other policies within the managed network environment. The
packet rewriting feature rewrites a packet before it is forwarded
to an intended destination, in accordance with the policies within
the managed network environment. In the preferred embodiment of
the present invention, the packet rewriting functions include
Network Address Translation (NAT), an address management technique
that is well known in the prior art. In one aspect of the present
invention, the packet rewriting policies enable a layer 3 (IP)
roaming capability.

In an alternate embodiment of the present invention, the
augmented IP stack 203 includes support for a mobile IP Foreign
Agent (FA). The mobile IP protocol is defined in RFC 2002,
available on the Internet at www.rfc-editor.org. In a further
alternate embodiment of the present invention, the augmented IP
stack includes services that detect and handle packets
corresponding to various standard protocols such as the Domain Name
Service (DNS) protocol, Dynamic Host Configuration Protocol (DHCP),
Remote Authentication Dial-In User Service (RADIUS) protocol, and
Internet Group Management Protocol (IGMP). The augmented IP stack,
upon detecting a packet corresponding to one of these services, may
filter the packet, forward the packet or generate a response in
accordance with the policies within the managed network
environment.

Referring now to FIG. 3, a preferred method of forwarding a
packet to the wireless network is illustrated. Upon receipt by
wireline interface 300, the packet is forwarded to augmented IP
stack 301. Initially, the augmented IP stack 301 determines
whether the packet should be discarded 302. If so, the packet is
discarded 303 and the processing is completed. If not, the
augmented protocol stack determines whether the packet must be
modified 304; if so, the packet is modified in accordance with the
implementation of the adapter 101. Finally, the packet is
forwarded to the wireless network interface for transmission 305.
At various points in this process, it may be necessary for the
adapter 101 to obtain configuration information from the network
control server, in which case the network coordination software in
the adapter is invoked to retrieve such information. At various
points in this process, the adapter may be required to report
information to the network control server, in which case the
network coordination software in the adapter is invoked to report
the information.

Referring now to FIG. 4, a preferred method of forwarding a
packet to the wireline network interface is illustrated. Upon
being received by the wireless interface 400, a packet is initially
forwarded to augmented IP stack 401. The augmented protocol stack
determines whether the packet should be discarded (402) and, if so,
the packet is discarded 403 and processing is completed. Where the
packet is not to be discarded, the augmented protocol stack
determines whether the packet requires modification 404. If
modification is required, the packet is modified in accordance with
the implementation of the adapter 101. Subsequently, the packet
is forwarded to the wireline network interface for transmission
405. At various points in this process, the adapter 101 may
require configuration information from the network control server,
in which case the network coordination software in the adapter is
invoked to retrieve that information. At various points in this
process, the adapter may be required to report information to the
network control server, in which case the network coordination
software in the adapter is invoked to report that information.
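
The FIG. 3 and FIG. 4 flows above (discard decision, then rewrite,
then forward), modelled as an added example that is not part of the
patent text. The deny-rule format, the port-mapping NAT scheme, the
class and field names and all addresses are assumptions made for
illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DenyRule:
    """Assumed policy format: block traffic to or from a wired-side peer."""
    peer_net: str                     # CIDR of the wired-side peer
    peer_port: Optional[int] = None   # None matches any port


class Adapter:
    """Toy augmented IP stack: decide discard, then rewrite, then forward."""

    def __init__(self, deny_rules, public_ip, first_port=40000):
        self.deny_rules = list(deny_rules)  # would be retrieved from the NCS
        self.public_ip = public_ip          # address shown to the wired LAN
        self.next_port = first_port
        self.out_map = {}   # (client ip, client port) -> public port
        self.in_map = {}    # public port -> (client ip, client port)
        self.reports = []   # stands in for logs sent to the NCS

    def _denied(self, peer_ip, peer_port):
        return any(
            ip_address(peer_ip) in ip_network(r.peer_net)
            and r.peer_port in (None, peer_port)
            for r in self.deny_rules
        )

    def _discard(self, reason, pkt):
        self.reports.append((reason, pkt))
        return None

    def from_wireless(self, pkt):
        """FIG. 4 direction: wireless interface to wireline interface."""
        if self._denied(pkt.dst, pkt.dport):
            return self._discard("policy", pkt)
        key = (pkt.src, pkt.sport)
        if key not in self.out_map:          # allocate a NAT binding
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def from_wireline(self, pkt):
        """FIG. 3 direction: wireline interface to wireless interface."""
        if self._denied(pkt.src, pkt.sport):
            return self._discard("policy", pkt)
        client = self.in_map.get(pkt.dport) if pkt.dst == self.public_ip else None
        if client is None:                   # no binding: unsolicited inbound
            return self._discard("no-binding", pkt)
        return replace(pkt, dst=client[0], dport=client[1])


def demo():
    # Constructed sample policy and packets (private and documentation ranges).
    adapter = Adapter(
        [DenyRule("10.0.9.0/24"), DenyRule("0.0.0.0/0", 23)],
        public_ip="192.0.2.10",
    )
    client = "172.16.0.5"
    results = {
        "web_out": adapter.from_wireless(Packet(client, 51000, "198.51.100.7", 443)),
        "web_reply": adapter.from_wireline(Packet("198.51.100.7", 443, "192.0.2.10", 40000)),
        "mgmt_out": adapter.from_wireless(Packet(client, 51001, "10.0.9.4", 22)),
        "telnet_out": adapter.from_wireless(Packet(client, 51002, "198.51.100.7", 23)),
        "unsolicited": adapter.from_wireline(Packet("203.0.113.9", 80, "192.0.2.10", 40999)),
    }
    return results, [reason for reason, _ in adapter.reports]


if __name__ == "__main__":
    for name, value in demo()[0].items():
        print(name, value)
```

The discard decision runs before any rewrite in both directions, so a
dropped packet never consumes a NAT binding, and every drop leaves a
record of the kind the adapter would report to the network control
server.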

Referring now to FIG. 5, the adapter 101 is illustrated
connected to a plurality of access points 100 via a switch 500.
In an alternative embodiment of the present invention, adapter 101
provides services to a plurality of short-range wireless access
points 100. In this environment, a plurality of short-range
wireless access points 100 are individually coupled to switch 500.
Although FIG. 5 depicts each access point 100 located on a
dedicated segment connected to the switch 500, it will be apparent
to those skilled in the art that a single LAN segment can contain
multiple wireless access points. Adapter 101 is also attached to
switch 500. In this embodiment, the adapter's wireline and
wireless interfaces are preferably integrated into a single
connection 503 of switch 500. In one implementation of this
embodiment, the switch 500 is programmed to automatically forward
all inbound packets originating from access point LAN segments
501a, 501b, 501c (for example) to the LAN segment 503 containing
the adapter 101. The switch 500 is also programmed to
automatically forward all packets not originating from the LAN
segment 503 containing the adapter (e.g., originating from LAN 102
and arriving via segment 502) and destined to an access point LAN
segment 501, to the LAN segment 503 containing the adapter 101.
In this manner, the adapter 101 can receive and process all packets
originating from and destined to the access points 100.

Referring now to FIG. 6, in a further alternate embodiment of
the present invention, adapter 101 supports a plurality of switched
LANs 500, at least some of which contain wireless access points.
In FIG. 6, adapter 101 is shown connected to three switched LANs
containing wireless access points. This is merely for illustrative
purposes; obviously, the number of LANs and access points can vary.

A plurality of short-range wireless access points 100 are
coupled to each switch 500. There are three access point LANs
and the switch 500 of each LAN is connected to the wireless network
interface of an adapter 101. The wired network interface of the
adapter is connected to a pair of wired LANs 102. One or more
personal computers (PCs) 600 are provided connected to each of the
wired LANs. In this case, the adapter 101 receives packets sent
to or from access points connected to all three switches 500.
Moreover, the adapter is able to process packets sent to or from
multiple wired networks 102.

The access points 100 or wireless clients may be programmed
to forward all wireline-destined packets to the adapter 101 by
defining the destination media access control (MAC) address to be
that of the adapter. For example, the access points 100 can be
programmed to treat the adapter 101 as a default IP gateway for
network traffic.

In an alternate implementation of the present invention, the
network control server 103 can be co-located with the adapter 101
to reduce the quantity of servers necessarily installed in the
network environment, and to reduce the overall system cost.

In a further alternate implementation of the present
invention, the components of the network control server can be
distributed to provide improved performance or failure handling.

In another implementation of the present invention, the
adapter 101 can connect to access points 100 supporting different
wireless networks. Furthermore, the aforementioned different
wireless networks can incorporate multiple different short-range
wireless communication technologies.

Referring now to FIG. 7, the adapter 101 is illustrated
connected to access points 100 which are connected to multiple
different wireless networks. These different wireless networks can
employ the same network technology, in which case they have
distinguished network identifiers, or they can employ different
network technologies such as 802.11 and Bluetooth.

Access points 100 from different wireless networks are
connected to an adapter 101 wireless network interface. The adapter
wired network interface is connected to the wired Local Area
Network 102. It is to be understood that in alternative
embodiments, the adapter can be connected to different wireless
networks through a plurality of switches, as previously described
with respect to FIG. 5 and FIG. 6.

While the preferred embodiments of the invention have been
illustrated and described, it will be clear that the invention is
not limited to these embodiments only. Numerous modifications,
changes, variations, substitutions and equivalents will be apparent
to those skilled in the art without departing from the spirit and
scope of the invention as described in the claims.